Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - cyberspace

Pages: [1] 2 3 ... 34
1
CWP Secure Kernel is a regular linux kernel with a security addon. The security addon is Tomoyo:
https://tomoyo.sourceforge.net/
The linux kernel doesn't include the security addon Tomoyo by default. The kernel must be recompiled with the Tomoyo enabled. That is why the security enhancements don't  start when you boot the server using the update kernel.

However, I think CWP Secure Kernel should protect your from such vulnerabilities. It should not allow to run suspicious executable files/binaries, etc. Anyway, it is better to get confirmation from CWP Secure Kernel developers or check the Tomoyo rules if you understand Tomoyo )

2
What version of OS do you use ? Alamlinux 8/9, something else ?

Run:
Code: [Select]
uname -rwhen the server is booted with secure kernel and show output.

4
Dude, if CWP is so bad, then stop using it. If you decide to stick with CWP, then accept the risks.

CWP isn’t a “click and use” tool—at least not yet. You need to be an experienced system administrator if you want to keep your system updated before security patches aren't released by the developers.

I don’t understand people who blame CWP and still use it. There are so many free and paid panels...

5
Other / Re: Yanz Webshell! - PRIV8 WEB SHELL ORB YANZ BYPASS! V3.0
« on: July 06, 2026, 06:50:51 PM »
If you like cPanel and the price $40+ /month is acceptable for you then use cPanel and stop spamming this forum.

6
Other / Re: Yanz Webshell! - PRIV8 WEB SHELL ORB YANZ BYPASS! V3.0
« on: July 06, 2026, 06:09:46 PM »
There were statements because openssl and glibc are life critical libs. They are used by bank systems, government, etc.

cPanel doesn't make statements about every vulnerabilities.

cPanel made statements about the vulnerabilities discovered in May because there were more  than 40k hacked cPanel servers.

7
Your comparison makes me smile. Don't you think it isn't reasonable to compare cPanel ($40+/month) and CWP ($1/month if PRO license)  ?

I active cPanel user (admin) more than 20 years. It has a mail "bug". The bug is actively used by spammers if they have success to hack some outdated joomla,wordpress,prestashop... website. cPanel developers knows about it but they haven't fixed it. up to now. In their logic: this isn't a bug this is "feature" :)

Quote
And answering your question: yes, i think me and anyone with any tech knowledge WANT to see a full changelog of everything that changed. In fact, here in Europe, is LAW... so...

You make me smile again. Look here:
https://control-webpanel.com/about-us
(scroll down and look at "company").
Do you mean "Europe Union"  when you write "In fact, here in Europe" ? If so then I don't think Georgia is a part of EU and it means you have answer on your question about law in Europe )

8
Other / Re: Yanz Webshell! - PRIV8 WEB SHELL ORB YANZ BYPASS! V3.0
« on: July 06, 2026, 05:39:12 PM »
Any software has vulnerabilities. Some of them live more than 10 years: glibc: GHOST, Shellshock... etc.

That is why it is critically important to update all software but it doesn't make your system 100% safe.

9
I know—you want to see a long list of entries in the changelog, right?

But I don't think you'll find anything more detailed than "security fixes" in the changelogs of cPanel or most other commercial control panels. It's common practice.

10
Other / Re: Yanz Webshell! - PRIV8 WEB SHELL ORB YANZ BYPASS! V3.0
« on: July 06, 2026, 05:25:53 PM »
Well, sorry to say that you are the first known victim: https://forum.centos-webpanel.com/centos-webpanel-bugs/cwp-new-security-issue-and-no-communication

Don't mislead users. The links you provided point to pages describing vulnerabilities that affect Control Web Panel versions earlier than 0.9.8.1225.

The current CWP version is 0.9.8.1243.

So what's your point?

If you choose not to keep your system up to date, that's your responsibility. Also, just because a server was compromised doesn't mean it was hacked through a vulnerability in the control panel. The actual cause could just as easily be Joomla, WordPress, or some other software installed by the user. Don't you think that's a more reasonable assumption?

You're making a lot of noise.

11
The links provided by you lead to the pages where we can find:

Affected software: Control Web Panel < 0.9.8.1225

The actual version of CWP is 0.9.8.1243

So ... ?

12
Some error messages ?

13
CentOS 7 Problems / Re: MariaDB 10.11.18
« on: June 27, 2026, 09:32:15 PM »

14
Updates / Re: Unable to load dynamic library 'intl'
« on: June 27, 2026, 01:37:11 PM »

Quote
[php71]# /usr/local/cwp/php71/bin/php --version
PHP Warning:  Module 'intl' already loaded in Unknown on line 0
PHP 7.4.33 (cli) (built: Apr 26 2023 00:00:00) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
    with the ionCube PHP Loader + ionCube24 v15.5.0, Copyright (c) 2002-2026, by ionCube Ltd.

I think you tried to fix the problem using my solution on Almalinux 9. Right ? Almalinux 8 and Almalinux 9 use different php version for the base system. To make it working on Almalinux 9 use:

Code: [Select]
cd /usr/local/src/
wget https://www.php.net/distributions/php-7.4.33.tar.gz
tar -xvzf php-7.4.33.tar.gz
cd php-7.4.33/ext/intl/
/usr/local/cwp/php71/bin/phpize
./configure --with-php-config=/usr/local/cwp/php71/bin/php-config
make
make install
rm -rf /usr/local/src/php-7.4.33

15
CentOS 8 Problems / Re: Remove permanently goaccess
« on: June 25, 2026, 09:42:28 PM »
try to remove it and disable the goaccess RPM:

edit the file:
/etc/yum.repos.d/cwp.repo
add the line:
exclude = goaccess
at the end of the file (last line).

Pages: [1] 2 3 ... 34